Implementing and using the NetSupport Connectivity Server




Summary

With the increased use of the internet, common questions asked by customers using Manager are: "Can I connect to and remote control a machine behind a firewall?" and "Does Manager work with Network Address Translation (NAT)?" Both have been possible in previous versions of Manager; however, doing so involved complex firewall configurations to allow incoming connections. Manager now includes a Connectivity Server (Gateway) component that simplifies the method of connection and removes the need for complex firewall configurations.

What is the Connectivity Server?

The Connectivity Server is a component in Manager which provides a stable and secure method for connecting Clients and Controls via the internet using HTTP and delivers web-based remote control without the need for modifications to existing firewall configurations.

The Connectivity Server acts as a go-between for a Control and Client; when a Connectivity Server is used there is no direct communication between the Client and Control.

When the Client is configured to use the HTTP protocol, the Client connects to the Connectivity Server at start up. A user at a Control can then connect to the Gateway using the HTTP protocol and browse for connected Clients, then connect to any number of Clients that are attached to the Connectivity Server.

As there is no direct connection between the Client and Control, and the protocol used is HTTP, each of the machines can be situated behind a firewall configured to use NAT, without the need to make configuration changes to the firewall.

In order for the Connectivity Server to connect a Client and Control, both the Control and Client must be able to connect to the Connectivity Server using the HTTP protocol on the Connectivity Server's configured port (the default port is 443).

The Connectivity Server can be located in various different network locations as shown in the following example scenarios. A secondary Connectivity Server can also be installed and Clients configured with the secondary Connectivity Server information. This allows for Connectivity Server redundancy. When the primary Connectivity Server is not available, the Clients will automatically switch to using the secondary Connectivity Server. Once the primary Connectivity Server is available, the Clients will switch back to the primary Connectivity Server, and the secondary Connectivity Server will go into a standby mode again. This process does not disrupt any active remote control sessions that are in progress.

Scenario 1: Connectivity Server on the public internet

In this scenario, the Connectivity Server is installed on the public internet. In this example, no configuration changes would normally need to be made to either of the firewalls. However, the machine that is running the Connectivity Server is freely available on the internet and could be open to an attack.

Scenario 2: Connectivity Server on the Client network with a Control on the public internet

In this scenario, the firewall at the Client site would need to be configured to allow incoming HTTP connections to the Connectivity Server (on the configured port number). This would be similar to having a web server installed on the Client network, and making it publicly available to users on the internet. This example could be used to provide remote access to users working from home.

Scenario 3: Connectivity Server on a DMZ

In this scenario, the firewall at the Control site would need to be configured to allow incoming HTTP connections to the Connectivity Server (on the configured port number). This would be similar to having a web server installed on the DMZ, and making it publicly available to users on the internet.

The advantage of this location for the Connectivity Server is that the machine running the Connectivity Server is now protected from external attack by a firewall. However, this configuration does require some configuration changes to the firewall at the Control site.

Scenario 4: Connectivity Server on the Client network

In this scenario, the firewall at the Client site would need to be configured to allow incoming HTTP connections to the Connectivity Server (on the configured port number). This would be similar to having a web server installed on the Client network and making it publicly available to users on the internet.

The advantage of this location for the Connectivity Server is that the machine running the Connectivity Server is now protected from external attack by a firewall. However, this configuration does require some configuration changes to the firewall at the Client site.

Installing the Connectivity Server

The Connectivity Server can only be installed on an NT based operating system (XP, Vista, 2003, 2008, 2008 R2, Windows 7, Windows 8 and Server 2012) as the Connectivity Server installs as a service.

The Connectivity Server is not installed by default. To install the Connectivity Server, run the standard installation package. When prompted for an installation type, choose Custom. The next screen should then display a list of components. From this list of components, select Connectivity Server and continue through the installation. At the end of the installation the Connectivity Server Configuration Utility will be displayed.

The Connectivity Server can be configured to listen on specified IP interfaces or on all IP interfaces on the machine.

CMPI (Secs): When configured for Connectivity Server connections, the Client workstation confirms its availability by periodically polling the Connectivity Server. By default, a network packet is sent every 60 seconds, but you can change this if required.

You can also specify the location and maximum size of the Connectivity Server log file. The logging functions of the Connectivity Server are explained in detail later in this document.

Keys

You can add a Gateway Key by selecting the Keys tab. Gateway Keys are used to authenticate Clients and Controls, ensuring that unauthorised users cannot connect to and use the Connectivity Server. You must set at least one Gateway Key before you can apply the configuration, as the Connectivity Server will not accept any connections unless at least one Gateway Key is configured.

Operators

The Operators tab allows you to restrict remote control access to a list of specified users. At the Control, a user will be required to configure a username and password in order to browse a Connectivity Server and connect to the Clients.

Licenses

The Licenses tab displays all of the licenses that have been applied to the Connectivity Server. The Status field shows if the license has been activated. If the license has not been activated, the Activate button can be used to initiate the activation process. This activation process is either performed automatically over the internet, or manually by contacting the Technical Support team or the local reseller, who can supply an Activation Code.

Security

From the Security tab, the option to {Enable encryption of communications to remote computers} is available. When this option is enabled, all communication in the connection process over the Connectivity Server is encrypted.

Note: The remote computers (Controls and Clients) need to be running Manager version 11.00.0005 or later to use the encryption option.

There is an additional option {Block any remote computers not using encrypted communications}. Enabling this option will prevent earlier versions of the Manager Client that do not support the enhanced level of encryption from connecting to the Connectivity Server.

General

Here, you can set the port number that the Connectivity Server will accept incoming connections on. The default port is 443, and this number is registered to. When installing the Connectivity Server onto a machine that already has Internet Information Services (IIS) installed, the port number is required to be changed from 443 to either 3085 (also registered to ), or another port number.

The default port for the HTTP protocol on the internet is port 80 and you can configure the Connectivity Server to accept connections on. However, some Internet Service Providers (ISPs) utilise cache or proxy servers that cache HTTP traffic on port 80. If your ISP uses a cache or proxy server, then the Connectivity Server connections will fail.

Configuring Clients to use the Connectivity Server

To configure a Client to use the HTTP protocol, you will need to run the Manager Configurator.

- Run the Manager Configurator and select the Advanced option.
- Expand the Connectivity group and select HTTP; you should then see the HTTP configuration.
- To enable HTTP you will need to check the Use HTTP option.
- Enter the port number which the Connectivity Server you are going to use is configured for, the default being 443.
- Enter the IP address of the primary Connectivity Server.
- Enter the optional secondary Connectivity Server IP address and port number.
- Press the Set button to enter the Gateway Key. The Gateway Key entered must be identical to one of the Gateway Keys added to the Connectivity Server.
- Enter the proxy server details if the Client is connecting to the internet via a proxy server.

Once the required configuration details have been entered, click OK to save the configuration and restart the Client. The Client should then connect to the Connectivity Server.

The entire configuration for a Client is stored in the client32.ini configuration file. This file can be easily copied or deployed (using the Manager Deploy tool) to other Client machines. For further details relating to Manager Deploy, see the Online Help or the Manager User Manual.

Configuring the Control to use the Connectivity Server

Before you can connect to a Client using a Connectivity Server, you must add the Connectivity Server to your Control Console. To do this, follow the steps below:

- Run the Manager Control.
- In the left hand pane, select the Gateways group.
- Double click on the Add a Gateway icon.
- On the first window, enter the name and description and click Next. Here, you can enter any details you wish that describe the Connectivity Server.
- Enter the IP address of the Connectivity Server and the port number that the Connectivity Server is configured to use (default is 443).
- If required, check the Use Proxy Server box and enter the proxy server IP address and port number. Click Next.
- Click the Set button and enter the Gateway Key.
  Note: If the Connectivity Server is configured with multiple Gateway Keys, when you browse for Clients on this Gateway you will only see the Clients that are using the same Gateway Key as entered.
- If Operators have been configured on the Connectivity Server, click Set and enter the matching username and password. Click Finish.

It is possible to configure multiple Connectivity Servers in the Control Console with the same IP address but with different Gateway Keys.

Once you have a Gateway configured in the Control Console, the browse option can be used to display the list of Client machines currently connected to the Connectivity Server.

Securing the Connectivity Server

The Connectivity Server will support multiple Gateway Keys. Each Gateway Key must be a minimum of 8 characters. Gateway Keys can be added to the Connectivity Server dynamically without disrupting any current Client connections.

The Connectivity Server will not accept connections from a Control or Client unless a matching Gateway Key configured on the Client or Control has also been entered on the Connectivity Server.

Clients can only be configured with one Gateway Key, whereas the Control Console is able to support multiple Connectivity Servers, each with a different Gateway Key.

All Gateway Key data is sent encrypted between the Client, Control and Connectivity Server.

Once connected to the Connectivity Server, all Client and Control security such as User Validation, Security Keys etc. will function normally.

A Control can only connect and browse for Clients that are using the same Gateway Key as the Control.

Gateway Key Connection Matrix

Control Gateway Key | Gateway Gateway Keys | Client Gateway Key | Result
Testing1 | Testing2 | Test1 | No connection from Client or Control
Testing2 | Testing1, Testing2 | Testing1 | Client connects to Connectivity Server but Control cannot connect to this Client or see the Client in a browse
Testing1 | Testing1 | Testing1 | Client connects, Control can connect to the Client and see the Client in a browse
Testing2 | Testing1 | Testing2 | No connection from Client or Control
Testing2 Testing1 Testing2 Test3 | Client connects, Control can connect to the Client and see the Client in a browse

Logging and monitoring the Connectivity Server

The Connectivity Server runs as a Gateway32 service and is displayed as an icon in the system tray. Right clicking on the icon will display a shortcut menu with options for Open, Configure Connectivity Server or About. Selecting Open will display the Connectivity Server Console window.

The Clients tab shows a list of all the Clients currently connected to the Connectivity Server.

The Active Sessions tab displays a list of current connections between a Control and a Client, with the date and time that the connection started.

The Connectivity Server creates a log file that records activity for the Connectivity Server. The log file name is GWxxx.log, and it is stored in the location specified in the Connectivity Server configuration window.

GW001.log example:

    29-Jan-14, 16:11:20, V12.00, running on Windows NT 6.0 Service Pack 1 (build 6001), platform 2
    29-Jan-14, 16:11:20, Connectivity Server started, Max. Licensed connections: 5, Listening port: 443
    29-Jan-14, 16:15:32, Connectivity Server stopped

The following is a list of events that are written to the Connectivity Server log file:

<product_name> <product_version>, running on <operating_system> <operating_system_version> <operating_system_service_pack> (build <build_number>), platform <platform_number>
    This event is logged when the Connectivity Server is first started. A typical example would be as follows:
    V12.00, running on Windows NT 6.0 Service Pack 1 (build 6001), platform 2

Gateway started. Max licensed connections: <max_connections>
    This event is logged when the Connectivity Server is first started.

Failed to start Gateway
    This event is logged when the Connectivity Server fails to start.

Gateway stopped
    This event is logged when the Connectivity Server is stopped.

Listening on port <port_number>
    This event is logged when the Connectivity Server starts listening on the specified port. This occurs during start-up and when a change in the Connectivity Server port is applied in the Connectivity Server Configurator.

Failed to bind to listening port <port_number>
    This event is logged when the Connectivity Server fails to assign the specified port to listen for incoming connections. The port is probably being used by another application.

Reloading configuration
    This event is logged by the Connectivity Server when the administrator has used the Connectivity Server Configurator to apply configuration changes.

Listen port has changed. All current connections and sessions will be terminated.
    This event is logged by the Connectivity Server when the administrator modifies the listening port in the Connectivity Server Configurator and then applies the change whilst the gateway is running.

Reloading Gateway Keys
    This event is logged by the Connectivity Server when the administrator has used the Gateway Configurator to apply configuration changes which may have included additions to or removals from the list of Gateway Keys.

Client <Clientname> connected
    This event is logged when a Client connects to the Connectivity Server.

Client <Clientname> Disconnected
    This event is logged when a Client disconnects from the Connectivity Server.

Control <controlname> connected to Client <Clientname>
    This event is logged when a Control connects to a Client.

Control <controlname> disconnected from Client <Clientname>
    This event is logged when a Control disconnects from a Client.

Licence exceed. Rejecting connection from Client <Clientname> (<real_ip_address>, <public_ip_address>)
    This event is logged when a Client connecting to the Connectivity Server would exceed the licensed number of Clients.

Security check failed for Client <Clientname> (<real_ip_address>). Terminating connection from <public_ip_address>
    This event is logged when a new Client connection fails to provide a valid Gateway Key.

Security check failed for Control browse. Terminating connection from <public_ip_address>
    This event is logged when a Control fails to provide a valid Gateway Key during a browse Clients request.

Security check failed for Control <controlname>. Rejecting connection request to Client <Clientname> from <public_ip_address>
    This event is logged when a Control fails to provide a valid Gateway Key during a connection request to a Client.

Client/Control security check failed for Control <controlname>. Rejecting connection request to Client <Clientname> from <public_ip_address>
    This event is logged when the Gateway Key provided by the Control during a connection request to a Client does not match the Gateway Key supplied by the Client.
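
A triage pass over the four Gateway Key failure events listed above, as an added example that is not NetSupport code or tooling: it reads log text in the "date, time, message" layout of the GW001.log excerpt and reports public addresses with repeated failures inside a time window. The function names, threshold, window and sample lines are assumptions made for illustration, as is the exact rendering of the <...> fields in a real log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the "date, time, message" layout of the GW001.log
# excerpt. Machine names and addresses are invented (documentation ranges),
# and the exact rendering of the <...> fields is an assumption.
SAMPLE_LOG = """\
29-Jan-14, 16:11:20, Connectivity Server started, Max. Licensed connections: 5, Listening port: 443
29-Jan-14, 16:12:01, Client PC-ACCOUNTS connected
29-Jan-14, 16:13:10, Security check failed for Control browse. Terminating connection from 203.0.113.7
29-Jan-14, 16:13:40, Security check failed for Control browse. Terminating connection from 203.0.113.7
29-Jan-14, 16:14:05, Security check failed for Control ADMIN1. Rejecting connection request to Client PC-ACCOUNTS from 203.0.113.7
29-Jan-14, 16:14:30, Security check failed for Client LAPTOP9 (192.168.1.20). Terminating connection from 198.51.100.23
29-Jan-14, 16:40:00, Client/Control security check failed for Control HELPDESK. Rejecting connection request to Client PC-ACCOUNTS from 198.51.100.23
29-Jan-14, 16:45:32, Connectivity Server stopped
"""

# One pattern per documented Gateway Key failure event; group 1 is the
# public address the rejected connection came from.
FAILURE_PATTERNS = [
    ("client_bad_key", re.compile(r"^Security check failed for Client .+\. Terminating connection from (\S+)$")),
    ("browse_bad_key", re.compile(r"^Security check failed for Control browse\. Terminating connection from (\S+)$")),
    ("control_bad_key", re.compile(r"^Security check failed for Control .+\. Rejecting connection request to Client .+ from (\S+)$")),
    ("key_mismatch", re.compile(r"^Client/Control security check failed for Control .+\. Rejecting connection request to Client .+ from (\S+)$")),
]


def failed_checks(log_text):
    """Return one dict per Gateway Key failure found in the log text."""
    events = []
    for line in log_text.splitlines():
        parts = line.strip().split(", ", 2)  # the message itself may contain commas
        if len(parts) != 3:
            continue
        try:
            when = datetime.strptime(parts[0] + " " + parts[1], "%d-%b-%y %H:%M:%S")
        except ValueError:
            continue  # not a timestamped entry
        for kind, pattern in FAILURE_PATTERNS:
            match = pattern.match(parts[2])
            if match:
                events.append({"time": when, "kind": kind, "source_ip": match.group(1)})
                break
    return events


def flag_sources(events, threshold=3, window=timedelta(minutes=10)):
    """Map each source address that reaches the threshold to its peak failure count in one window."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["source_ip"]].append(event["time"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, moment in enumerate(times):
            while moment - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in flag_sources(failed_checks(SAMPLE_LOG)).items():
        print(f"{ip}: {count} failed Gateway Key checks within 10 minutes")
```

Entries that do not match the timestamped layout are skipped rather than raising, so the same pass can be run over a whole GWxxx.log file read into a string.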

Further Information

If you require any further information regarding Manager, you can contact the Technical Support Team using the following details:

UK Office: Limited, Technical Support Department House, Towngate East Market Deeping, Peterborough PE6 8NE United Kingdom
Telephone: +44 (0)1778 382 272
Email: support@netsupportsoftware.com
Visit us: